Sorry this is late. I've been on vacation.
JAAS is just a framework, it doesn't actually do any authentication of its own. The "advantage" you get with JAAS is that it supposedly allows you to integrate it with multiple applications. In practice this isn't so easy.
I am using JAAS behind Cocoon's authentication framework, but I am not using JAAS for authorization. I found that it didn't make a lot of sense. Frankly, after doing it I'm not sure the authentication part does either.
Ralph
At 9/20/2004 09:03 AM, you wrote:
The cocoon authentication framework allows you to use an authenticator class. Why can't you just plug JAAS into this class and have the best of both worlds?
Regards Jorg
Jennifer Yip wrote:Sorry guys - just came out of a long meeting on Security / Authentication and the question raised was:
Is J2EE or JAAS container managed security better than that found in the cocoon (portal) authentication framework?
Any help appreciated before this meeting continues in the morning
Regards
JENNY
